Read the back traffic for this list - search for freebsd (or pcap_dispatch). You'll find the patch required for 4.x. Or you could grab the cvs source - that has it included.
-----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Neal Rauhauser Sent: Friday, March 18, 2005 7:58 AM To: [email protected] Subject: [Ntop] ntop chokes under load I have a FreeBSD 4.11 box with 256 meg of ram, a P3/700, and a ten gig disk. The machine has two integrated Intel fxp type ethernet cards and does nothing but ntop. The link it is monitoring is a peering connection between two fairly large ISPs and it carries about four mbits of traffic with many, many src/dst pairs on a continuous basis. I installed FreeBSD 4.11, used cvsup to update /usr/ports, then built and installed ntop. I start it using /usr/local/etc/rc.d/ntop.sh, it runs fine for about four minutes, then it stops collecting statistics. The contents of /var/log/messages seems relevant - look at the ioctl error messages near the very end of the listing. I also included the details on what packages are installed on the box - any suggestions? Mar 18 13:37:12 hunter ntop[62335]: ntop v.3.1 MT (SSL) Mar 18 13:37:12 hunter ntop[62335]: Configured on Mar 14 2005 12:07:13, built on Mar 14 2005 12:08:50. Mar 18 13:37:12 hunter ntop[62335]: Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]> Mar 18 13:37:12 hunter ntop[62335]: Get the freshest ntop from http://www.ntop.org/ Mar 18 13:37:12 hunter ntop[62335]: Initializing ntop Mar 18 13:37:12 hunter ntop[62335]: NONBLOCK: pcap_setnonblock(), device 0, succeeded Mar 18 13:37:12 hunter ntop[62335]: **WARNING** NONBLOCK: cpu usage may be high - see man page and FAQ Mar 18 13:37:12 hunter ntop[62335]: Checking fxp1 for additional devices Mar 18 13:37:12 hunter ntop[62335]: Resetting traffic statistics for device fxp1 Mar 18 13:37:12 hunter ntop[62335]: DLT: Device 0 [fxp1] is 1, mtu 1514, header 14 Mar 18 13:37:12 hunter ntop[62335]: Initializing gdbm databases Mar 18 13:37:12 hunter ntop[62335]: VENDOR: Loading MAC address table. Mar 18 13:37:12 hunter ntop[62335]: VENDOR: Checking for MAC address table file Mar 18 13:37:12 hunter ntop[62335]: VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded Mar 18 13:37:12 hunter ntop[62335]: VENDOR: ntop continues ok Mar 18 13:37:12 hunter ntop[62335]: VENDOR: Checking for MAC address table file Mar 18 13:37:12 hunter ntop[62335]: VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded Mar 18 13:37:12 hunter ntop[62335]: VENDOR: ntop continues ok Mar 18 13:37:12 hunter ntop[62335]: Fingeprint: Loading signature file. Mar 18 13:37:12 hunter ntop[62335]: Fingeprint: ...loaded 1697 records Mar 18 13:37:12 hunter ntop[62335]: INIT: Parent process is exiting (this is normal) Mar 18 13:37:12 hunter ntop[62336]: INIT: Bye bye: I'm becoming a daemon... Mar 18 13:37:12 hunter ntop[62336]: Now running as a daemon Mar 18 13:37:12 hunter ntop[62336]: ASN: Checking for Autonomous System Number table file Mar 18 13:37:12 hunter ntop[62336]: **WARNING** ASN: Unable to open file 'AS-list.txt' Mar 18 13:37:12 hunter ntop[62336]: I18N: This instance of ntop does not support multiple languages Mar 18 13:37:12 hunter ntop[62336]: IP2CC: Checking for IP address <-> Country Code mapping file Mar 18 13:37:12 hunter ntop[62336]: IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz' Mar 18 13:37:14 hunter ntop[62336]: IP2CC: ...found 52395 lines Mar 18 13:37:14 hunter ntop[62336]: GDVERCHK: Guessing at libgd version Mar 18 13:37:14 hunter ntop[62336]: GDVERCHK: ... as 2.0.21+ Mar 18 13:37:14 hunter ntop[62336]: Initializing external applications Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Started thread (141537280) for network packet analyser Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Started thread (141539328) for fingerprinting Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Started thread (141540352) for idle hosts detection Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Started thread (141541376) for DNS address resolution Mar 18 13:37:14 hunter ntop[62336]: Calling plugin start functions (if any) Mar 18 13:37:14 hunter ntop[62336]: SSL: Initializing... Mar 18 13:37:14 hunter ntop[62336]: SSL_PRNG: Automatically initialized! Mar 18 13:37:14 hunter ntop[62336]: SSL initialized successfully Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Initializing web server Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Initializing tcp/ip socket connections for web server Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Initialized socket, port 3000, address (any) Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Waiting for HTTP connections on port 3000 Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Initialized ssl socket, port 3001, address (any) Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Waiting for HTTPS (SSL) connections on port 3001 Mar 18 13:37:14 hunter ntop[62336]: INITWEB: Starting web server Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Started thread (141543424) for web server Mar 18 13:37:14 hunter ntop[62336]: Listening on [fxp1] Mar 18 13:37:14 hunter ntop[62336]: Loading Plugins Mar 18 13:37:14 hunter ntop[62336]: Searching for plugins in /usr/local/lib/ntop/plugins Mar 18 13:37:14 hunter ntop[62336]: ICMP: Welcome to icmpWatchPlugin. (C) 1999-2004 by Luca Deri Mar 18 13:37:14 hunter ntop[62336]: LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni Mar 18 13:37:14 hunter ntop[62336]: NETFLOW: Welcome to NetFlow.(C) 2002-04 by Luca Deri Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Packet processor thread running... Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Fingerprint scan thread running... Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Idle host scan thread running... Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Address resolution thread running... Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: web connections thread (62336) started... Mar 18 13:37:14 hunter ntop[62336]: Note: SIGPIPE handler set (ignore) Mar 18 13:37:14 hunter ntop[62336]: WEB: ntop's web server is now processing requests Mar 18 13:37:14 hunter ntop[62336]: PDA: Welcome to PDAPlugin. (C) 2001-2004 by L.Deri and W.Brock Mar 18 13:37:14 hunter ntop[62336]: RRD: Welcome to rrdPlugin. (C) 2002-04 by Luca Deri. Mar 18 13:37:14 hunter ntop[62336]: SNMP: Welcome to snmpPlugin. (C) 2004 by F.Fusco and G.Giardina Mar 18 13:37:14 hunter ntop[62336]: SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri Mar 18 13:37:14 hunter ntop[62336]: XML: Welcome to xmldump plugin. (C) 2003-2004 by Burton Strauss Mar 18 13:37:14 hunter ntop[62336]: Calling plugin start functions (if any) Mar 18 13:37:14 hunter ntop[62336]: RRD: Welcome to the RRD plugin Mar 18 13:37:14 hunter ntop[62336]: RRD: Mask for new directories is 0700 Mar 18 13:37:14 hunter ntop[62336]: RRD: Mask for new files is 0066 Mar 18 13:37:14 hunter ntop[62336]: RRD: Started thread (147308544) for data collection. Mar 18 13:37:14 hunter ntop[62336]: NETFLOW: no devices to initialize Mar 18 13:37:14 hunter ntop[62336]: Now running as requested user 'nobody' (65534:65534) Mar 18 13:37:14 hunter ntop[62336]: INIT: Created pid file (/var/db/ntop/ntop.pid) Mar 18 13:37:14 hunter ntop[62336]: Note: Reporting device initally set to 0 [fxp1] Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: Started thread (147309568) for network packet sniffing on fxp1 Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: rrd thread (147308544) started Mar 18 13:37:14 hunter ntop[62336]: THREADMGMT: pcapDispatch(fxp1) thread running... Mar 18 13:39:52 hunter ntop[62336]: **WARNING** Address resolution queue is full [4096 slots] Mar 18 13:39:52 hunter ntop[62336]: Addresses in excess won't be resolved - ntop continues Mar 18 13:41:28 hunter ntop[62336]: **ERROR** Reading packets on device 0 (fxp1): 'read: Inappropriate ioctl for device' Mar 18 13:41:28 hunter ntop[62336]: THREADMGMT: pcapDispatch thread terminated... Mar 18 13:43:15 hunter ntop[62361]: **ERROR** http generation failed, alarm() tripped. Please report this to ntop-dev list! Mar 18 13:43:18 hunter ntop[62362]: **ERROR** http generation failed, alarm() tripped. Please report this to ntop-dev list! Mar 18 13:45:12 hunter ntop[62336]: CLEANUP: ntop caught signal 15 Mar 18 13:45:12 hunter ntop[62336]: CLEANUP: Cleaning up, set FLAG_NTOPSTATE_TERM Mar 18 13:45:12 hunter ntop[62336]: SIGPIPE: Handled (ignored) 0 errors Mar 18 13:45:12 hunter ntop[62336]: CLEANUP: Locking purge mutex (may block for a little while) Mar 18 13:45:12 hunter ntop[62336]: CLEANUP: Locked purge mutex, continuing shutdown Mar 18 13:45:12 hunter ntop[62336]: FREE_HOST: Start, 1 device(s) Mar 18 13:45:13 hunter ntop[62336]: FREE_HOST: End, freed 5533 Mar 18 13:45:13 hunter ntop[62336]: PLUGIN_TERM: Unloading plugins (if any) Mar 18 13:45:13 hunter ntop[62336]: RRD: Locking mutex (may block for a little while) Mar 18 13:45:13 hunter ntop[62336]: RRD: Locked mutex, continuing shutdown Mar 18 13:45:13 hunter ntop[62336]: RRD: killThread() succeeded Mar 18 13:45:13 hunter ntop[62336]: RRD: Thanks for using the rrdPlugin Mar 18 13:45:13 hunter ntop[62336]: RRD: Done Mar 18 13:45:13 hunter ntop[62336]: NETFLOW: Terminating NetFlow Mar 18 13:45:13 hunter ntop[62336]: NETFLOW: no devices to terminate () Mar 18 13:45:13 hunter ntop[62336]: NETFLOW: Thanks for using ntop NetFlow Mar 18 13:45:13 hunter ntop[62336]: NETFLOW: Done Mar 18 13:45:13 hunter ntop[62336]: CLEANUP: Freeing device fxp1 (idx=0) Mar 18 13:45:13 hunter ntop[62336]: STATS: 410,567 packets received by filter on fxp1 Mar 18 13:45:13 hunter ntop[62336]: STATS: 220,232 packets dropped (according to libpcap) Mar 18 13:45:13 hunter ntop[62336]: STATS: 0 packets dropped (by ntop) Mar 18 13:45:13 hunter ntop[62336]: TERM: Removed pid file (/var/db/ntop/ntop.pid) expat-1.95.8 XML 1.0 parser written in C freetype2-2.1.9 A free and portable TrueType font rendering engine gd-2.0.33_1,1 A graphics library for fast creation of images gdbm-1.8.3_1 The GNU database manager gettext-0.14.1 GNU gettext package gmake-3.80_2 GNU version of 'make' utility jpeg-6b_3 IJG's jpeg compression utilities libgnugetopt-1.2 GNU getopt library libiconv-1.9.2_1 A character set conversion library libnet-1.0.2a,1 A C library for creating IP packets libtool-1.3.5_2 Generic shared library support script (version 1.3) libtool-1.5.10_1 Generic shared library support script (version 1.5) lrzsz-0.12.20_1 Receive/Send files via X/Y/ZMODEM protocol. (unrestrictive m4-1.4.1 GNU m4 minicom-2.1 An MS-DOS Telix serial communication program "workalike" nmap-3.81 Port scanning utility for large networks ntop-3.1_1 Network monitoring tool with command line and web interface pcre-5.0 Perl Compatible Regular Expressions library pkgconfig-0.15.0_1 A utility used to retrieve information about installed libr png-1.2.8_1 Library for manipulating PNG images -- "Now my sails are filling, with winds so willing, and I'm as good as gone again" - Saint of Circumstance _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
